package com.juzhencms.apps.busi.web;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.juzhencms.apps.base.common.annotation.IgnoreLog;
import com.juzhencms.apps.base.common.config.Config;
import com.juzhencms.apps.base.common.util.FileUtil;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;

@Controller
@Slf4j
@RequestMapping("/download")
public class DownloadController  extends BaseController{
	
	
	@RequestMapping(value="/downloadFile/{file}")
	@IgnoreLog //不记录访问日志
	public String downloadFile(@PathVariable("file") String fileName, HttpServletRequest request, HttpServletResponse response) {
		if (fileName != null) {
            try {
            	fileName=new String(Base64.decodeBase64(fileName));
			} catch (Exception e) {
				// TODO Auto-generated catch block
				log.error("",e);
			}
            
            //判断路径是否合法
            if(fileName.indexOf("../")>=0 || fileName.indexOf("..\\")>=0){
            	try {
					response.getWriter().write("不允许访问");
				} catch (IOException e) {
					// TODO Auto-generated catch block
					log.error("",e);
				}
            }
            
            //判断文件类型是否合法
            String extType=FileUtil.getExtName(fileName);
            String[]forbiddenType={null,"","java","class","php","jsp","sql","xml","sh","bat"};
            if(Arrays.asList(forbiddenType).contains(extType)){
            	try {
					response.getWriter().write("禁止下载");
				} catch (IOException e) {
					// TODO Auto-generated catch block
					log.error("",e);
				}
            }
            
            String filePath=this.getCommonService().getConfig().getUploadFilePath()+"/"+fileName;
            
            File file = new File(filePath);
            if (file.exists()) {
                response.setContentType("application/force-download");// 设置强制下载不打开
                response.addHeader("Content-Disposition",
                        "attachment;fileName=" + file.getName());// 设置文件名
                byte[] buffer = new byte[1024];
                FileInputStream fis = null;
                BufferedInputStream bis = null;
                try {
                    fis = new FileInputStream(file);
                    bis = new BufferedInputStream(fis);
                    OutputStream os = response.getOutputStream();
                    int i = bis.read(buffer);
                    while (i != -1) {
                        os.write(buffer, 0, i);
                        i = bis.read(buffer);
                    }
                } catch (Exception e) {
                    // TODO: handle exception
                	log.error("",e);
                } finally {
                    if (bis != null) {
                        try {
                            bis.close();
                        } catch (IOException e) {
                            // TODO Auto-generated catch block
                        	log.error("",e);
                        }
                    }
                    if (fis != null) {
                        try {
                            fis.close();
                        } catch (IOException e) {
                            // TODO Auto-generated catch block
                        	log.error("",e);
                        }
                    }
                }
            }else{
            	try {
					response.getWriter().write("文件不存在");
				} catch (IOException e) {
					// TODO Auto-generated catch block
					log.error("",e);
				}
            }
        }
        return null;
	}
}
